ISO 42001
ISO/IEC 42001:2023 — AI Management Systems
First certifiable international standard for AI management systems. Uses Plan-Do-Check-Act methodology. Third-party certification available; major AI systems have achieved certification.
Jurisdiction: International
Enacted: Pending
Effective: Dec 18, 2023
Enforcement: TBD
Why It Matters
Becoming the de facto compliance demonstration mechanism. Organizations align with the EU AI Act using ISO 42001 for risk assessments.
Recent Developments
Microsoft 365 Copilot, AWS, and Google Cloud have achieved certification. Increasingly used as "audit language" in procurement.
At a Glance
Who Must Comply
- Organizations seeking AI management system certification
Safety Provisions
- AI policy and objectives
- Risk assessment processes
- Controls for AI-specific risks
- Monitoring and measurement
- Continual improvement
Primary Source
ISO
https://www.iso.org/standard/81230.html
Related Regulations
ISO 23894
AI risk management guidance complementing ISO 31000. Lifecycle risk management; audit/procurement language.
UNESCO AI Ethics
Global normative framework adopted by all 193 UN Member States. Policy Area 8 (Health and Social Wellbeing) directly addresses mental health AI.
OECD AI Due Diligence
Non-binding OECD guidance applying the OECD's six-step responsible business conduct (RBC) due-diligence process to enterprises across the AI value chain, providing practical recommendations for identifying, preventing, mitigating, and accounting for adverse human-rights and societal impacts of AI systems.
UN/ITU AI & Child Rights Statement
Non-binding multilateral statement signed by thirteen UN and international organisations setting out principles for protecting children's rights in the design, deployment, and governance of AI systems, including provisions on harmful content, age assurance, transparency, and child-rights impact assessments.
MD HB 895
First US state law to outright ban surveillance-based personalized pricing in food retail and third-party delivery, prohibiting use of protected class data and dynamic pricing tied to consumer personal data with limited exceptions for cost-based pricing, loyalty programs, and explicit consent.
Brunei PDPO
Brunei's personal data protection order requiring DPIA and imposing penalties of up to 10% of Brunei turnover or $1M.
Last updated January 22, 2026. Verify against primary sources before relying on this information.